000024513 - Application failures due to symbol collisions in situations where RSA BSAFE libraries (Crypto-C  Cert-C  or SSL-C) are used at the same time other shared libraries are loaded

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000024513
Applies ToThe SSL-module in Apache, mod_ssl, builds using OpenSSL
RSA BSAFE SSL-C is included in another part of Apache application
Oracle ships libraries that include an older version of RSA BSAFE Crypto-C. This same conflict has occurred for BSAFE applications that are built using Oracle.
An application that attempts to link both RSA BSAFE libraries and OpenSSL may run into these problems
IssueApplication failures due to symbol collisions in situations where RSA BSAFE libraries (Crypto-C, Cert-C, or SSL-C) are used at the same time other shared libraries are loaded
A developer is having conflicts compiling their application with an RSA BSAFE library because they are linking with lib files that contain conflicting symbols. These symbols could come from SSL-C or Crypto-C symbols that are already compiled into those libraries. They could also occur if the libraries contain OpenSSL.
CauseThe pre-existing libraries built using OpenSSL, Crypto-C, or SSL-C contain names that are colliding with the linked BSAFE names and are causing many problems
Resolution

To correct this issue, hide the BSAFE symbols in your application. The best way to do this is to move all of the BSAFE code into a shared library and not expose any of the BSAFE symbols.

On Linux Red Hat Advanced Server 3.0, use  --version-script=vs-file.vs  when they link the shared library.  vs-file.vs might look like this example from P11S:

VERSION {
global:
C_GetFunctionList;
P11S_CreateSlots;
P11S_CreateToken;
P11S_InsertToken;
P11S_RemoveToken;
P11S_ResetTokenSessionCounts;
local:
*;
};

They want to put as few if any SSL-C functions in the global section.

Alternatively, you could put the OpenSSL or Oracle libraries in a shared library to hide the conflicting symbols there.


On HP-UX, you can use +e and -h to export and hide symbols.  See

http://docs.hp.com/en/B2355-90654/ch03s09.html

http://docs.hp.com/en/B2355-90655/ch03s02.html#exportingsymbols

NotesOpenSSL and the BSAFE libraries have common roots in the SSLeay library.  This is a common source for conflicts between BSAFE and OpenSSL symbols.
Legacy Article IDa26712

Attachments

    Outcomes